We only support the latest code on the main branch. If a tagged release exists, security fixes are backported to the latest minor release only.

• Please submit a private report via GitHub “Report a vulnerability” (Security Advisory) for this repo. Avoid opening public issues or PRs for suspected security bugs.
• Include reproduction steps, affected components (e.g., Standalone, XSIAM), environment details, and any proof-of-concept or logs.
• We will acknowledge reports within 2 business days and provide progress updates at least weekly until resolution.
• If the issue involves a third-party dependency, we will coordinate any upstream disclosure alongside our fix.